A Man-in-the-Middle attack (MitM) is, as the name suggests, a type of cyber attack that takes place when a third party exploits the position between two communicating parties, both of whom believe they are communicating directly to each other over a secure connection. It's a type of espionage in which the third party monitors or intercepts the communication - meaning that the hacker is intercepting and capturing information that may be of a personal nature.
MitM attacks are very dangerous as they can allow cyber criminals to intercept and manipulate sensitive data in real time, including
- Login details
- Account details
- Credit card information
The most frequent form of MitM attacks are so-called Man-in-the-Browser Attacks, which consist of an attacker infecting the victim's browser with malware. This malware is often the result of a successful phishing attack. The motive behind this type of attack is typically to steal financial information; the attacker will usually intercept the victim's internet traffic to online banking or webshops.
How does the MitM attack work?
In a MitM attack, the hacker finds his way to online communications or other types of online transactions between two parties. This could be the connection between a user and a webshop.
As mentioned above, the hacker gains access to the user's browser and data by installing malware on the browser, typically through a phishing email. The main purpose of MitM attacks is to gain access to online banking and/or webshops, because these types of sites require special secured credentials, which the hacker gets in MitM attack.
In very basic terms, the approach typically consists of the following two steps:
- Data interception: Here the hacker intercepts a transaction of data or communication between two parties. The hacker tricks the parties into believing that they're exchanging information with each other, while at the same time the hacker intercepts this data and establishes a new connection to the original site. The hacker establishes an insecure HTTP connection to the user. When the user logs into this insecure website, the hacker can steal the user's data and redirect him to a fake website that looks like the original one. The fake website collects all relevant user data, which the hacker can then exploit on the original website.
- Decryption: This part decrypts the captured data. The hacker can then decode the data and use it to his advantage. They can for instance carry out identity theft or sell your data on the dark web.
Different types of MitM attacks
There are, however, several different types of MitM attacks, all of which are carried out using different techniques, including:
- Internet Protocol spoofing: IP spoofing involves cyber criminals modifying the IP address of, for example, a website or an email address to trick the user into thinking it is a legitimate source. This means that the sensitive information they pass on ends up with the hacker instead.
- Domain Name System spoofing: As with IP spoofing, DNS spoofing perpetrators modify the domain name to redirect traffic to their fake site instead of the original site. They do this to trick users into thinking they are landing on a legitimate, secure and trustworthy page where they can enter sensitive information.
- HTTP spoofing: HTTPS is for most people the indication of a secure and trustworthy website - the -s stands for secure. However, in an HTTP spoofing attack, a browser session is redirected to an insecure connection without the user's consent. Through this redirection, the hacker can monitor the user's interactions.
- Secure Sockets Layer hijacking: SSL hijacking establishes an encrypted connection between a browser and a server, allowing the criminal to intercept all information between the server and the user's computer.
- E-mail hijacking: In this type of MitM attack, cyber criminals gain control of e.g. banking mail accounts to monitor users' transactions. In some cases, the criminals will even send fake emails from the bank's email address to the users, in order to get information out of them or even get them to transfer money to the criminals.
- WiFi monitoring: This type of attack exploits public WiFi connections. Here, you're lured into connecting to malicious WiFi connections because the criminals have set up a network with a name similar to that of nearby businesses.
How to minimise the risk of a MitM attack
The best thing you can do to protect yourself against MitM attacks is to implement some preventive security measures. For example, you can:
- Only visit secure connections: Make sure you only visit websites that have 'HTTPS' in the URL bar, not just 'HTTP'. You can also look for a padlock icon in the URL bar, as this indicates that you're using a secure connection. Of course, you should also make sure that you only connect to secure WiFi connections.
- Use multi-factor authentication (MFA): MFA adds an additional layer of security to your online accounts because your login does not depend solely on your password, but also on a secondary password, biometric data or one-time password.
- Avoid phishing emails: Although phishing emails can look eerily legitimate, always think twice before clicking on a link in an email. In fact, we recommend that you never click on any link that you receive - regardless of who the sender may be, as there is a high risk that the link may be malicious. This is also why we at Moxso train employees to identify phishing emails through our phishing simulations.
- Use VPN connections: A VPN connection encrypts internet connections and online transactions of data such as passwords and credit card details. You should therefore always use a VPN when connecting to unsecured or public WiFi networks. This is because a VPN can catch a potential Man in the Middle attack.
- Anti-malware: It probably goes without saying: Make sure you have anti-malware implemented to prevent a hacker from infecting your computer.
- Awareness training: We recommend awareness training at any time, as it increases your overall cyber hygiene and therefore also reduces the risk of being hit by a MitM attack. At Moxso we offer human-centred awareness training.
- Remember online behavior: Online behavior is crucial when it comes to good cyber hygiene - if you're aware of the different elements that can affect your online activities, you'll have the best online behavior and cybersecurity.
What to do if you are hit by a MitM attack
Man in the Middle attacks can unfortunately affect anyone who uses the internet. That's why it's also important to keep the above advice in mind when you're online.
The consequences can be significant and large. Being the victim of a MitM attack can include identity theft or have significant financial costs.
As always, if you discover that you have had an accident, for example by clicking on a link in a phishing email, it is important to contact the IT managers at your workplace asap. This will ensure that the correct procedures are put in place and hopefully minimise any damage. That's why you should have an attack surface management plan which makes it clear how you should react to a cyberattack.
This post has been updated on 25-07-2023 by Emilie Hartmann.
Emilie Hartmann is a student and copywriter at Moxso, where she is a language nerd and always on the lookout for new and exciting topics to write about. She is currently doing her Master's in English, where she is primarily working in the fields of Creative Writing and Digital Humanities.View all posts by Emilie Hartmann